cafe-grader-web Commit - r852:41c96ab8e589

cafe-grader-web

Commit `r852:41c96ab8e589` public

parent | child

Description:

use uuid cookie

Commit status:

[Not Reviewed]

References:

default

Diff options:

| | | |

Comments:

0 Commit comments 0 Inline Comments

Unresolved TODOs:

There are no unresolved TODOs

Add another comment

r852:41c96ab8e589 - Thu, 03 Feb 2022 17:22:51 - 2 files changed: 19 inserted, 1 deleted

app/controllers/application_controller.rb ¶ +8

               require 'ipaddr'
+            + require "securerandom"
               class ApplicationController < ActionController::Base
                 protect_from_forgery
                 before_action :current_user
                 before_action :nav_announcement
+            +   before_action :unique_visitor_id
                 SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'
                 MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login'
                 WHITELIST_IGNORE_CONF_KEY = 'right.whitelist_ignore'
                 WHITELIST_IP_CONF_KEY = 'right.whitelist_ip'
                 #report and redirect for unauthorized activities
                 def unauthorized_redirect(notice = 'You are not authorized to view the page you requested')
                   flash[:notice] = notice
                   redirect_to login_main_path
                 end
                 # Returns the current logged-in user (if any).
                 def current_user
                   return nil unless session[:user_id]
                   @current_user ||= User.find(session[:user_id])
                 end
                 def nav_announcement
                   @nav_announcement = Announcement.where(on_nav_bar: true)
                 end
                 def admin_authorization
                   return false unless check_valid_login
                   unless user.admin?
                     unauthorized_redirect
                     return false
                   end
                   return true
                 end
                 def authorization_by_roles(allowed_roles)
                   return false unless check_valid_login
                   unless @current_user.roles.detect { |role| allowed_roles.member?(role.name) }
                     unauthorized_redirect
                     return false
                   end
                 end
                 def testcase_authorization
                   #admin always has privileged
                   if @current_user.admin?
                     return true
                   end
                   unauthorized_redirect unless GraderConfiguration["right.view_testcase"]
                 end
+            +   def unique_visitor_id
+            +     unless cookies[:uuid]
+            +       value = SecureRandom.uuid
+            +       cookies[:uuid] = { value: value, expires: 20.year }
+            +     end
+            +   end
                 protected
                 #redirect to root (and also force logout)
                 #if the user is not logged_in or the system is in "ADMIN ONLY" mode
                 def check_valid_login
                   #check if logged in
                   unless session[:user_id]
                     if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
                       unauthorized_redirect('You need to login but you cannot log in at this time')
                     else
                       unauthorized_redirect('You need to login')
                     end
                     return false
                   end
                   # check if run in single user mode
                   if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
                     if @current_user==nil || (!@current_user.admin?)
                       unauthorized_redirect('You cannot log in at this time')
                       return false
                     end
                   end

app/controllers/login_controller.rb ¶ +11 -1

               class LoginController < ApplicationController
                 @@authenticators = []
                 def index
                   # show login screen
                   reset_session
                   redirect_to :controller => 'main', :action => 'login'
                 end
                 def login
                   user = get_authenticated_user(params[:login], params[:password])
                   unless user
                     flash[:notice] = 'Wrong password'
                     redirect_to :controller => 'main', :action => 'login'
                     return
                   end
                   if (!GraderConfiguration['right.bypass_agreement']) and (!params[:accept_agree]) and !user.admin?
                     flash[:notice] = 'You must accept the agreement before logging in'
                     redirect_to :controller => 'main', :action => 'login'
                     return
                   end
+            +     #store uuid when login
+            +     if user.last_ip.nil?
+            +       user.last_ip = cookies[:uuid]
+            +     else
+            +       if user.last_ip != cookies[:uuid]
+            +         user.last_ip =cookies[:uuid]
+            +         #log different login
+            +       end
+            +     end
+            +
                   #process logging in
                   session[:user_id] = user.id
                   session[:admin] = user.admin?
                   # clear forced logout flag for multicontests contest change
                   if GraderConfiguration.multicontests?
                     contest_stat = user.contest_stat
                     if contest_stat.respond_to? :forced_logout
                       if contest_stat.forced_logout
                         contest_stat.forced_logout = false
                         contest_stat.save
                       end
                     end
                   end
                   #save login information
-            -     Login.create(user_id: user.id, ip_address: request.remote_ip)
+            +     Login.create(user_id: user.id, ip_address: cookies[:uuid])
                   redirect_to :controller => 'main', :action => 'list'
                 end
                 def site_login
                   begin
                     site = Site.find(params[:login][:site_id])
                   rescue ActiveRecord::RecordNotFound
                     site = nil
                   end
                   if site==nil
                     flash[:notice] = 'Wrong site'
                     redirect_to :controller => 'main', :action => 'login'  and return
                   end
                   if (site.password) and (site.password == params[:login][:password])
                     session[:site_id] = site.id
                     redirect_to :controller => 'site', :action => 'index'
                   else
                     flash[:notice] = 'Wrong site password'
                     redirect_to :controller => 'site', :action => 'login'
                   end
                 end
                 def logout

Write
Preview

You need to be logged in to leave comments. Login now

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository permissions settings

Sign in to your account

Author

r852:41c96ab8e589 - Thu, 03 Feb 2022 17:22:51 - 2 files changed: 19 inserted, 1 deleted

Sign in to your account

Commit r852:41c96ab8e589 public

Author

r852:41c96ab8e589 - Thu, 03 Feb 2022 17:22:51 - 2 files changed: 19 inserted, 1 deleted

Commit `r852:41c96ab8e589` public